Internet of things security: A top-down survey

Texte intégral

(1)Internet of things security: A top-down survey Djamel Eddine Kouicem, Abdelmadjid Bouabdallah, Hicham Lakhlef. To cite this version: Djamel Eddine Kouicem, Abdelmadjid Bouabdallah, Hicham Lakhlef. Internet of things security: A top-down survey. Computer Networks, Elsevier, In press, 141, pp.199-221. �10.1016/j.comnet.2018.03.012�. �hal-01780365�. HAL Id: hal-01780365 https://hal.archives-ouvertes.fr/hal-01780365 Submitted on 30 Apr 2018. HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.. L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés..

(2) Internet of Things Security: a top-down survey Djamel Eddine Kouicema , Abdelmadjid Bouabdallaha , Hicham Lakhlefa a Sorbonne. Universités, Université de Technologie de Compiègne CNRS, HEUDIASYC UMR 7253 CS 60319; 60203 Compiègne Cedex, France. Abstract Internet of Things (IoT) is one of the promising technologies that has attracted a lot of attention in both industrial and academic fields these years. It aims to integrate seamlessly both physical and digital worlds in one single ecosystem that makes up a new intelligent era of Internet. This technology offers a huge business value for organizations and provides opportunities for many existing applications such as energy, healthcare and other sectors. However, as new emergent technology, IoT suffers from several security issues which are most challenging than those from other fields regarding its complex environment and resources-constrained IoT devices. A lot of researches have been initiated in order to provide efficient security solutions in IoT, particularly to address resources constraints and scalability issues. Furthermore, some technologies related to networking and cryptocurrency fields such as Software Defined Networking (SDN) and Blockchain are revolutionizing the world of the Internet of Things thanks to their efficiency and scalability. In this paper, we provide a comprehensive top down survey of the most recent proposed security and privacy solutions in IoT. We discuss particularly the benefits that new approaches such as blockchain and Software Defined Networking can bring to the security and the privacy in IoT in terms of flexibility and scalability. Finally, we give a general classification of existing solutions and comparison based on important parameters. Keywords: Internet of Things; Security; Privacy; Cryptography; Blockchain; Software Defined Networking. 1. Introduction Nowadays, Internet of Things (IoT) is changing much about the world we live in, the way we drive, how we make decisions, and even how we get energy. Internet of things consists of sophisticated sensors, actuators and chips embedded in the physical things that around us by making them smarter than ever. These things are connected together and exchange huge data between them and with other digital components without any human intervention [3]. IoT contributes significantly to enhance our daily life throughout many applications come from different sectors such as smart cities, smart building, healthcare, smart grids, industrial manufacturing among others. Currently, one of the issues that potentially threats Internet of Things’ devices is the security and the privacy of exchanged/collected data that are often deeply linked to the life of users. Gartner 1 envisioned that, by 2017, more than 20% of organizations and businesses will deploy security solutions to protect their IoT devices. These considerations lead us to underline the importance of enforcing security mechanisms in IoT applications which play a pioneer role in mitigating IoT risks. Security problems in IoT are most challenging than the existing security problems in Internet of nowadays. Indeed, it is instructive to note that the things are highly resources-constrained in terms of computing capacity, memory and energy which make 1 https://www.intrinsic-id.com/intrinsic-id-guardtime-announce-allianceiotblockchain/. Preprint submitted to Journal of Computer Networks. the existing security solutions absolutely not applicable. Moreover, the high number of connected objects, estimated by Cisco [46] to be about 50 billions of objects by 2020, arises scalability issues. These last years, a lot of researches are leading to address the various security challenges closely related to IoT such as key management issues [114], confidentiality, integrity, privacy, policy enforcements [110, 113] among many other challenges. The main works in the literature tried to adapt the security solutions proposed for wireless sensor networks (WSNs) and Internet in the context of IoT. However, we must point out that IoT’s challenges take a new dimension which is far from being easy to overcome with traditional solutions. In addition, we must emphasize that most security approaches rely to centralized architectures, making their applications in IoT much more complicated regarding the large number of objects. So, distributed approaches are required to deal with security issues in IoT. In this paper, we survey the different solutions according to two perspectives, namely the security approaches based on traditional cryptographic approaches and the other approaches based on new emerging technologies as SDN and Blockchain. In the literature, there are some published surveys that cover different aspects of security in IoT. In [14, 74, 127, 137, 108, 66], authors underlined the security challenges and issues in IoT without discussing the various solutions proposed for these challenges. Moreover, Roman et al. [104] discussed the main benefits and also the important issues to be addressed in terms of security and privacy in decentralized architectures. April 30, 2018.

(3) Other surveys are oriented IoT domain applications. In [41, 36] provided an overview about security and privacy challenges in smart grids. Other applications are also discussed in other papers. We can cite Healthcare application in [4] and industrial IoT in [105]. Alaba et al. [5] investigated the main security vulnerabilities and attacks in IoT. Other surveys dealt with IoT security issues and reviewed solutions according to each security service. In contrast, in [111], the authors investigated confidentiality, access control, trust management and privacy solutions in IoT. On the other hand, in [98] Ouaddah et al. reviewed access control solutions. In [94], Kim et al. gave a classification of key management solutions in IoT. In those surveys, the authors focused particularly on classical based cryptographic approaches without discussing the new relevant techniques which could potentially bring huge values in terms of security and privacy. Intrusion detection in IoT is another important research field which has received a high interest of researchers. Some surveys [25, 89] have discussed intrusion detection systems (IDS) in wireless sensor networks and Internet of Things and have provided analysis and comparison of the main existing IDSs. The main common line between the existing surveys is that most of them focus on cryptographic solutions which belong to centralized approaches. However, recently, many emergent technologies (ex. blockchains, SDN) are being adopted by industrials (ex. IBM’s IoT based blockchain solution, named ADEPT) as promising solutions to fix security and privacy issues in IoT that have not been addressed in all existing papers. In this survey, we take a different direction by enumerating the different security approaches, including recent ones and classify them into two main categories: classical approaches and new emerging techniques. Furthermore, we provide a top down review that offers a holistic view of the security in Internet of Things. This review encompasses in three steps the different aspects of security in IoT by starting from generic to specific aspects. We start by enumerating the different challenges related to the various IoT applications. Subsequently, we discuss in more details the several solutions of IoT security recently published in the literature. Finally, we finish our survey with a synthetic comparison and discussion about the most relevant solutions for each IoT application with respect to the several security challenges. By positioning with respect to the aforementioned surveys, the table 1 shows clearly that the contribution of this paper includes, in a comprehensive way, the most relevant aspects such as lightweight cryptographic approaches, blockchain, the context awareness and the coupling securitysafety in IoT. All these aspects constitute the main recent research pieces in the field of Internet of Things security and privacy. The main contributions of this survey are threefold:. Smart grids Smart cities Healthcare Manufacturing Transport Confidentiality Privacy Availability Blockchain SDN Context-awareness Safety-Security. [105] [89] Yes No No Yes No No No Yes Yes No Yes No No Yes Yes No No No No No Yes Yes Yes Yes. [111] [94] No No No No No No No No No Yes Yes Yes Yes Yes No No No No No No Yes No No No. [5] Yes Yes Yes Yes Yes Yes No Yes No Yes No No. [14] No No No No Yes Yes Yes No No No No. Table 1 Recent surveys in IoT security. based to some parameters; and investigate the possibility of applying such approach on a given IoT application. The rest of the paper is organized as follows. Section 2 gives a background about the main security services and the main known techniques to fulfill each service. We discuss and summarize, in section 3, the main security challenges and requirements of some well known IoT applications. In section 4, we provide our classification of security solutions. In section 5, we describe in details the main classical approaches proposed in literature, we classify those approaches according to security services. New emerging approaches based on blockchain and Software Defined Networking technologies are described in section 6. We discuss in section 7, the importance of context awareness to mitigate security in IoT. Section 8 gives details about design approaches of security and safety in CyberPhysical based IoT systems. Section 9 provides a comparison of the proposed security solutions and their applications in the different IoT sectors. Section 10 concludes the paper. 2. Background on security services Security consists of all the techniques that aim to preserve, restore and guarantee the protection of information in computer systems from malicious attacks. Daily news puts security at the top of concerns: leakage of personal data and economic espionage, infection of sensitive computer systems, identity theft and fears about card payments are just few examples of threats. The security of computer networks and information systems in general, consists to provide the following services [96]: • Confidentiality: It ensures that information is made unintelligible to unauthorized individuals, entities, and processes.. • Present the different security challenges and requirements for the main IoT applications, i.e a top down approach. • Survey the literature solutions according to two main points of view (classical and new emerging approaches). • Finally, provide a comparison of the enumerated approaches 2. • Integrity: It ensures that data has not been modified by a third party (accidentally or intentionally). • Authentication: It verifies that the data source is the pretended identity..

(4) Security services Confidentiality. Security mechanisms message encryption / sign-encryption. Integrity. hash functions, message signature. Authentication Non-repudiation Availability. chain of hash, Message Authentication Code message signature pseudo-random frequency hopping, Access control, Intrusion prevention systems, firewalls pseudonymity, unlinkability, k-anonymity, Zero Knowledge Proof (ZKP). Privacy. Some examples symmetric cryptographic mechanisms (AES, CBC, etc); asymmetric mechanisms (RSA, DSA, IBE, ABE, etc). hash functions (SHA-256,MD5, etc); Message Authentication Codes (HMAC) HMAC, CBC-MAC, ECDSA ECDSA, HMAC Signature-Based Intrusion Detection, Statistical anomaly-based intrusion detection EPID, DAA, Pedersen Commitment. Table 2 Security services and mechanisms. • Non-repudiation: It ensures that the sender of the message can not deny having sent the message in the future.. areas in IoT. The main goal is to improve the quality of experience of final customers and optimize the electricity production. To better understand in more details how IoT can improve the electricity production in smart grids, the reader is referred to [78, 36].. • Availability: It ensures that the services of the system should be available for legitimate users. • Privacy: It ensures that users’ identities should not be identifiable nor traceable from their behaviors and their performed actions in the system.. 3.1.1. Security requirements Several works [36, 68] underlined security requirements that must be considered in smart grids. In what follows, we highlight the most important requirements in terms of security and privacy:. Several cryptographic mechanisms have been put in place to deal with the different security threats and ensure the security services mentioned above. We provide in table 2 some of those mechanisms.. • Availability: The network infrastructure, smart meters as well as the control center that handles optimization queries and control commands should be available continuously. Moreover, unauthorized users should not deny authorized users to handle queries.. 3. IoT Applications: security requirements and challenges Internet of Things enables to improve several applications in various fields, such as, healthcare, smarts grids, smart cities, smart homes as well as other industrial applications. However, introducing constrained IoT devices and IoT technologies in such sensitive applications leads to new security and privacy challenges. In this section, we illustrate some important IoT applications and highlight the security requirements and challenges of each application.. • Confidentiality: The exchanged data and queries between smart meters and control systems are sensitive and must not be disclosed by third unauthorized entities. • Integrity: Regarding the type of data exchanged between smart meters and control systems, they are very useful for decision making to optimize energy transmission. Integrity of this data is very important for better decision making. We should also deal with injection attacks that try to inject in the AMI infrastructure false measures that could disturb decisions making.. 3.1. Smart Grids Electrical energy is a treasure which has a very high industrial value, and plays an important role in economic development. Nowadays, we use very modern IT technologies to optimize electricity production by taking into account user demands throughout the electricity distribution line. The smart grid is the technology behind this distribution line. It consists of an integrated network, called also the advanced metering infrastructure (AMI) installed between the electricity production centers and the end customers, whose important role is to coordinate the electricity production with respect to the consumption of end customers. Smart grids represent one of the most attractive. • Non-repudiation: Any entity in the system among the utility servers and the smart meters does not deny that it has not received some data or control commands subsequently. • Privacy: exchanged information in AMI infrastructure contains fine-grained pieces of data about the electricity consumption in houses and buildings. This private data reveals information about customers’ activities in houses and companies. It’s mandatory to protect this data and make it untraceable. 3.

(5) Smart grids. Reso urc e. IoT Applications Manufacturing. Internet of Things’ challenges. Smart homes. r. og. ab. te. Transport. ilit. He. y. Smart cities. l. tion ita im. ity. Mo bi l. Healthcare. Fig. 1. Internet of Things’ applications.. en. e it y. a Sc. l. Fig. 2. Internet of Things’ challenges.. is the hospital while maintaining continuous contact with the physician. Currently, Healthcare based IoT applications represent one of the promising technologies that impact hugely the society which is mainly due to the aging of the population. Indeed, in France, the percentage of people over the age of 60 reached about 24% of the population in 2015 and will rise to 32% by 2060 2 . Furthermore, the budget reserved for healthcare applications reached about 12% of the GDP (Gross domestic product) 3 . In this context of population aging and the cost related to the treatment, a great interest emerges to adopt new IoT based technologies to monitor the patients in real time.. 3.1.2. Security challenges Smart grids should resist against some security challenges. In the following, we present the important ones: • Heterogeneity of communication standards and information system technologies in smart grids. • Scalability issues: as the population and their electrical energy consumption grow faster these years, the number of smart meters and control centers grow explosively. Therefore, security solutions face serious scalability problems.. 3.2.1. Security requirements Based on preliminary studies [4], we summarize the privacy and security requirements in healthcare applications as follows:. • Vulnerabilities related to information system technology: as smart grids are open, we can imagine any kind of attacks that could threat harmfully the availability of the AMI network. Integrity, confidentiality and privacy of data, IP spoofing, injection, DoS/DDos attacks are just examples of attacks among others.. • Authentication: The access to PHRs (Personal Health Record) related to each patient must be protected against non authorized individuals, only physicians and nurses are able to access these records.. • Data sensitivity and privacy: Exchanged information between smart meters and the control center includes sensitive data about customers like electricity consumption, real-time usage of smart meters for each customer. This information must not be leaked by neighbors while keeping it exploitable by control center.. • Confidentiality and Integrity: It’s mandatory to secure communications between patients and hospitals by ensure confidentiality and integrity of exchanged data. • Privacy concerns: Patients should know, in real time, who owns and manipulates their PHRs. In addition, it’s necessary to hide IoT devices’ locations, patients’ identities, etc.. 3.2. Healthcare Smart healthcare plays a significant role in healthcare applications through embedding sensors and actuators in patients’ bodies for monitoring and tracking purposes. The IoT is used in healthcare in order to monitor physiological statuses of patients. The embedded sensors have the ability to collect information directly from the body area of the patient and transmit it to the physician. This technology has the potential to completely detach the patient from the centralized system which. 3.2.2. Security challenges Note that there are a lot of security and privacy challenges issuing from healthcare applications that must be overcome. We highlight, hereafter, the most important challenges: 2 https://www.insee.fr/en/statistiques/1281166 3 https://www.insee.fr/fr/statistiques/1906695?sommaire=1906743. 4.

(6) • Resources limitations: most of embedded sensors and wearable have limited resources in terms of computation, memory and battery. Since the most of cryptographic solutions are computationally expensive, adapting them to ensure a high level of security while minimizing energy consumption is a hard challenge.. • Availability: Vehicular Networks should be available and must persist to jamming attacks [122] aiming to disturb communications between vehicles. All of the above requirements are more or less well studied in literature. However, new similar and additional security issues in V2G (Vehicle to Grid) should be studied furthermore, for example:. • Mobility: sensors and actuators are embedded in human bodies which in general are mobile. Taking in consideration mobility in security solutions is a serious challenge.. • Secure transactions between vehicles and smart grid network providers.. • Heterogeneity: the communication between sensor nodes and hospital servers or CPU units in general are done over Internet where networks, protocols and communication mediums are heterogeneous and have different security configurations. Moreover, sensor devices measure physiological data (heartbeat, body temperature, etc) which are heterogeneous in terms of units of measurements and delivery frequencies. Developing an adaptive security solution that works in heterogeneous environments is extremely challenging.. • Privacy concerns are more interesting in V2G communications. Indeed, we need to hide sensitive information such as: location, charging time, the amount of battery, etc. from intruders while maintaining this information accessible from authorized entities for optimization and charging coordination purposes. 3.3.2. Security challenges There are many challenges to which intelligent vehicles and intelligent transportation systems face and make their security more complicated to achieve:. 3.3. Transportation systems Intelligent transportation systems (ITS) represent the next generation of transportation that aims to link people, roads and intelligent vehicles thanks to the development of embedded systems and communication technologies. By connecting and distributing intelligent processors inside vehicles and also through transportation infrastructure, we can make the transportation safer, greener and more convenient. ITS employs four main components, namely: vehicle subsystem (consists of GPS, RFID reader, OBU, and communication), station subsystem (roadside equipment), ITS monitoring center and security subsystem [76]. Connected vehicles are becoming more important with the aim to make driving more reliable, enjoyable and efficient [50]. Actually, we have three types of communications in vehicular networks: V2V (Vehicle to Vehicle), V2I (Vehicle to Infrastructure) and V2P (Vehicle to Pedestrian) [76]. However, recently, a new type of communication has emerged, called V2G (Vehicle to Grid), whose main goal is to ensure electrical Vehicles charging based on energy of smart grid electricity distribution [78].. • Diversity of attacks’ sources: vehicular networks are exposed to all kinds of attacks (inside and outside) which harm the safety and the privacy of drivers. Exchanged information must be securely delivered and protected from any kind of attacks in order to avoid damages and accidents [87]. • High mobility: intelligent vehicles evolve in highly dynamic environments, where changes in the network topology are made frequently. This makes the deployment of security solutions highly challenging. • Heterogeneity: The diversity of the entities involved in the transportation system [87]. Attacks could come from any of those entities or from a set of entities conducting a Distributed Denial of Service (DDoS) attacks. 3.4. Smart cities Smart cities consist of one of the most important applications of IoT. Although, there is no formal definition of "smart city", it consists of a new emerging paradigm that aims to enhance the usage of public resources, increase the quality of service to citizens [135]. In this context, sensors are deployed all over roads, buildings, smart cars, etc. to better manage traffic, adapt to the weather, lighting follows the position of the sun, domestic incidents can be avoided with alarms, etc.. 3.3.1. Security requirements There are some security concerns need to be considered in order to secure different types of communications in vehicular networks. • Authentication: It’s mandatory to authenticate senders of messages.. 3.4.1. Security requirements Smart cities claim a lot of security requirements:. • privacy: Privacy of drivers must be protected against unauthorized observers. Their identities must not be revealed to neighbors.. • Confidentiality of information and access control of sensitive data.. • Non-repudiation: Drivers causing accidents should be reliably identified.. • Authentication of users and information’s origins. 5.

(7) Applications Challenges Resources constraints Mobility Heterogeneity Scalability QoS constraints Data management Lack of standardization Amount of attacks Safety. Smart grids. EHealth. Transportation systems. Smart cities. Manufacturing. + + ++ +++ ++ ++ ++ + ++. +++ ++ ++ ++ ++ + ++ + ++. +++ ++ +++ +++ ++ ++ +++ +++. ++ +++ +++ +++ +++ +++ ++ +++ ++. + + ++ +++ ++ +++ +++ +++. Table 3 Main Security challenges. • Integrity of data is also very important as these pieces of data are sensitive and participate in decision making and enhance the daily life of citizens in the smart cities.. 3.5.1. Security requirements IIoT systems claim the following important security requirements:. • Availability of information for users and decision-makers. 3.4.2. Security challenges Several security and privacy concerns are necessary to be addressed in the smart cities. In what follows, we present the most important challenges: • Very high level of heterogeneity: in smart cities, heterogeneous smart devices (in terms of capabilities, behaviors, goals, etc.) are deployed anywhere in cities and are gathered together in one single ecosystem. In addition, there is no communication standard for all the components that behave differently, which are also dedicated for different applications.. • Availability of the system: It’s very fundamental that the manufacturing system continues to operate even under critical situations. This includes particularly the deployment of DoS countermeasures to maintain the availability of the system. Cyber-Physical systems subjected to real-time constraints introduce new challenges. To launch DoS attacks, the adversary can: 1) jam communication channel, 2) compromise sensors and prevent them to send measurement, 3) disrupt routing protocols, etc. • Integrity : Any industrial system needs a reliable information to prevent any failure or physical damage. Thus, we need to preserve the integrity of the exchanged information between IoT devices behind the industrial system. Integrity issues might also cause safety problems in Cyber-Physical Systems when Industrial IoT components receive false data and believe it to be true.. • Scalability: It is another serious challenge regarding the number of smart devices that continues to grow daily.. • Confidentiality: The manufacturing process is very secret and sensitive against espionage attacks. Therefore, we must protect data, code, system configurations by means of encryption mechanisms.. • Data management issues: several challenges arise about the management of the huge amount of data generated by smart devices in the smart cities. Actually, many questions arise: how to locate data, control access to this data and preserve its integrity and privacy.. • Authentication: In manufacturing systems, some production tasks are outsourced to third parties. Therefore, it’s mandatory that these third parties must be authenticated and prove its trustworthiness.. 3.5. Manufacturing Nowadays, IoT plays an important role in the industry. It is considered as a promising solution to automate the process of manufacturing and the control of the production chain. Industrial Internet of Things (IIoT) uses new technologies such as Machine-to-Machine (M2M) communication, Wireless Sensor Networks (WSN), automation technologies as well as Big Data to create an intelligent industrial ecosystem [105]. The main aim of IIoT is to provide better productivity, efficiency, reliability and better control of final products.. 3.5.2. Security Challenges In IIoT, there are serious security challenges that need to be addressed: • Cyber-Physical attacks: Manufacturing system is one of the most targeted systems by attackers [105]. Trojans, viruses, DoS/DDos attacks and software compromises are just few examples among others. • Scalability issues: As manufacturing Cyber-Physical Systems grow continuously, security solutions should deal with this expansion. 6.

(8) • Lack of standardization: In practice, there is no existing standard protocol that is adopted in all SCADA based IoT systems. Indeed, there are about 150 to 200 open standards [88].. are implicated makes that the security issues even more complicated. At this stage, we might think about the application of new emerging techniques such as blockchain and SDN to meet more efficiently these challenges. We discuss in the sections 6.2 and 6.2, the main benefits of these techniques. Other challenges are more likely inherent to some specific applications such as the mobility challenge in transportation systems and the lack of standardization in manufacturing systems and smart cities applications [88]. These challenges should be investigated separately and carefully in each application in order to meet the requirements of each application. We can think about the high mobility of connected cars that could make the trust management problem a very hard task to achieve compared to other applications where the mobility is low [55, 131]. We note also that some IoT applications present safety challenges that must be addressed jointly with the security regarding the complex relations between the two aspects [115]. Manufacturing system is an example of these applications. Indeed, security attacks in control systems could impact the configuration of this later and thus will evolve safety problems [115, 22]. We will discuss in more details these challenges related to safety and security in manufacturing based IoT systems in section 8.. • Resources limitation: IoT devices and actuators used in manufacturing field which are in general employed in practical architectures that claim low cost and present constraints in terms of computation and power. • Safety challenges: Manufacturing systems in general and SCADA systems in particular are vulnerable to several type of attacks, namely: misuse of resources, user compromise, root compromise, virus, social engineering, torjan, worm, denial of services, etc [26]. These attacks impact hugely SCADA systems by disclosure, disrupt, distort and destruct control messages which might cause big damages that harm the safety of the hole system. In 2010, a group of unknown attackers created complex worm called Stuxnet 4 which is one of the most known attacks that aimed at disrupting control messages in SCADA systems. It targeted only controllers from one specific manufacturer (Siemens). This worm caused a lot of safety damages in SCADA based control systems. Experiences demonstrated the importance of enforcing security and safety mechanisms in SCADA systems in particular and Industrial Internet of Things in general. Risk assessments design tools that consider both of safety and security are necessary in order to anticipate some countermeasures against malicious attacks in the early stages of industrial system design. In section 8, we discuss in more details this important challenge of safety in manufacturing systems which is related to security attacks. We discuss also the several solutions to overcome this challenge.. 4. Taxonomy of security solutions in IoT Security subject is one of the hot research problems in IoT and has attracted a lot of researchers not only from academic and industry but also from standardization organizations. To date, there have been a lot of proposals aiming to address the security problems in IoT. In this section, we propose a classification of these solutions from an architectural point of view and we illustrate in figure 3, our classification of security solutions in Internet of Things. We distinguish in the light of this classification two main categories of approaches: 1. Classical approaches: this category of solutions groups the cryptographic based techniques that were especially designed for IoT communications or have been adapted from wireless sensor networks or M2M communications. In section 5, we present only the most significant solutions and we provide the main limitations of each proposal. We note that in this survey, we focus basically on solutions that ensure: confidentiality, privacy and availability services. It is worth mentioning that most of these solutions operate in centralized environments where we have central trusted entities ensuring the proper functioning of the security services. The cryptographic tools employed to ensure the security services are whether symmetric or asymmetric techniques that we will discuss by pointing out their main advantages and limitations in the context of IoT for each security service. 2. New emerging security solutions: This category groups security solutions that are based on new techniques other than cryptographic tools. They are more convenient to meet the scalability issues compared to cryptographic approaches. In general, the solutions belonging to this category are decentralized. In section 6, we focus on two emerging technologies :. 3.6. Discussion In the light of the challenges and the security requirements of the main IoT applications presented above, we provide in table 3 a summary of those requirements by highlighting the main aspects inherent to each IoT application. In the high level picture, the security in IoT applications is considered as a hard issue to solve and it faces a lot of challenges. Basically, we highlight resources constraints, heterogeneity and scalability challenges which are more likely common to several applications. Indeed, most of applications operate in highly distributed environments with the use of heterogeneous smart objects, sensors and actuators that are limited in terms of power and computation resources [94, 111]. These three challenges make the security very hard to solve with current approaches. Indeed, these later are based on greedy cryptographic tools operating on centralized environments (the need to central trust authorities to manage cryptographic keys for objects) and thus they are not suitable for IoT applications which are distributed [94]. Moreover, the huge amount of objects that 4 http://large.stanford.edu/courses/2015/ph241/holloway1/. 7.

(9) Fig. 3. IoT security solutions. (a) Software Defined Networking (SDN), which is a new network paradigm that is revolutionizing the world of networking this last years. Its aim is to provide an environment to develop more flexible network solutions and make the network resources more easy to manage using centralized SDN controller. Many SDN based security solutions for IoT have been proposed in the literature. We will discuss in more details these solutions in section 6.1. (b) Blockchain technology, which is the technology behind the cryptocurrency tools such as bitcoin, aims to make the transactions between entities in a distributed manner (peer to peer architecture without referring to any central trusted server. Moreover, this solution does not require that entities trust each other. In this technology, it is piratically impossible to deny performed transactions once they are validated. Beside its application on the cryptocurrency domain, these last years, a lot of researchers have started to put the light on this technology in order to address security solutions in IoT such as data privacy, access control, etc. We present an analysis of these solutions in section 6.1. We present mainly in section 6 the benefits of SDN and blockchain in terms of security, their key advantages, the issues that these technologies can solve and classical approaches can’t and also their limitations.. pieces of information about the IoT objects locations, their battery levels, the number of their surrounding objects, etc. These pieces of information might be relevant to enhance the security and thus they can be applied to design more flexible and context-aware security solutions without referring to cryptographic approaches. From our perspective, context-awareness solutions could be shown as complementary techniques with respect to cryptographic solutions. For example, considering a heavy cryptographic algorithm to authenticate one IoT device A. In some situations, it is interesting sometimes to: • Not perform the adopted cryptographic algorithm to authenticate A because it does not have sufficient energy to perform the heavy cryptographic operations and thus saves its battery while it is situated in a safe area. • Consider other information related to device A to identify it without relying to cryptographic mechanisms. This information could be the location of A, the date of its last authentication, the owner of A, etc. We will discuss in section 7 furthermore context-awareness solutions, how they can be applied to enhance the security in IoT and their potential benefits. 5. Classical IoT security approaches In this section, we review and discuss the main proposed solutions which are based on cryptographic approaches to address the main security services. Considering the traditional approaches, we focus on: confidentiality, availability and privacy services.. Even though the solutions presented in sections 5 and 6 address most of the important challenges such as scalability, resource limitations, they are still not convenient enough in dynamic IoT environments such as vehicular networks where the context evolves frequently. Often, the context groups many 8.

(10) keys per node. The main idea consists to introduce new mechanisms based on a hash function to generate half of symmetric keys while storing the other half in sensors’ memories. In Probabilistic key distribution, it’s not guaranteed that each node in the network shares a secure key with all other nodes, but the nodes share keys with their neighbors according to some probabilities in such way we must be able to form secure paths 5 between all entities in the network. With this approach, the scalability issues are solved, but the key management protocols become less resilient in case of nodes’ comprises. In the literature, there are a lot of probabilistic key management schemes. The first probabilistic key distribution scheme for WSNs is the scheme called Random key pre-distribution (RKP) proposed by Eschenauer et al. [45]. In this scheme, each node i in the network is pre-charged randomly with a set of key ring of size k, let’s Ri the subset of pre-loaded keys on the node i, selected from a large pool S. After the deployment of sensor nodes, each node i broadcasts its keys’ identifiers to its neighbors. The node i establishes a key session between some neighbor j only if the intersection between Ri and Rj contains at least one key (Ri ∩ Rj , ∅), and thereby they choose one key among Ri ∩ Rj as a session key. In the case of (Ri ∩ Rj = ∅), nodes i and j determine a secure path composed of secure links. The main drawbacks of this approach are its memory consumption required for keys storage and importantly its non resiliency against key compromise attacks. Indeed, if some nodes are compromised by an attacker, all the session keys that these nodes have established with their neighbors will be disclosed which corrupt fundamentally the security of the network. Some enhancements [27, 42] of the basic RKP scheme have been proposed; namely: Q-Composite scheme [27] enhances the resiliency of RKP by introducing additional requirements in order to establish session keys between nodes, basically two nodes i and j can establish a session key only if they share at least Q keys used to compute a pairwise key obtained by computing the hash of all the concatenated shared keys. In [42], Du et al. proposed a solution to overcome key storage issue of RKP by establishing only the necessary session keys. On the other hands, Blom’s scheme [18] is also a very efficient scheme that is very suitable for WSNs and IoT as claimed by some researchers [53]. In Blom’s scheme, the secret keys are vectors obtained by simple matrix multiplications. The idea is that, each node i has an identifier Ii randomly generated and known by all nodes in the network. In the deployment phase, private key gi for the node i is generated from its identifier as follows: gi = DIi , where D is a secret symmetric matrix generated over the finite field GF(p) and p is a prime. For the node i, in order to share a secret key with node j, it computes secretij = gti Ij = gtj Ii . Obviously the security of the scheme is strongly dependent of the secret matrix D which must be kept carefully by a central trust server and used also to add sensor nodes to the network. Most of the key management solutions proposed in the literature have been designed for Wireless Sensor Networks but very few works were proposed initially to meet directly the security requirements in IoT. Recently, Sicari et al. investigated. 5.1. Confidentiality solutions In Internet of Things, we need to protect data exchanged between objects from attackers by means of encryption mechanisms. Hence, we should ensure that only legitimate users are able to disclose encrypted data. For this goal, cryptographic solutions exist to ensure data confidentiality, however, in most cases, these solutions are inefficient or even inapplicable in IoT devices with high resource constraints because they are based on algorithms that are very greedy in terms of storage and computation. To get an idea about the energy consumption and the effeciency of the different cryptographic algorithms, the reader is invited to read the paper of Malina et al. [85] where intensive analysis was investigated to compare the different cryptographic primitives widely used in security and privacy. Considering the power limitation of smart objects, a lot of cryptographic solutions have been proposed to deal with resources constraint’s issues. Basically, these solutions belong into two main classes, namely symmetric and asymmetric cryptographic solutions. 5.1.1. Symmetric key solutions In Symmetric key schemes, each entity in the system should share cryptographic keys with all other entities in the system. The main advantages of symmetric based cryptographic solutions are their efficiency (they are less-computational) and easy to implement in hardware platforms. AES (Advanced Encryption Standard), RC4 and 3DES are just few examples widely used in practice. Although their efficiencies, symmetric key based security solutions suffer from scalability and key management issues. Indeed, this latter emerges as serious problem in Internet of Things where there are a lot of devices that exchange sensitive data in dynamic environments. In Symmetric key based solutions, each device must keep secret keys with all the devices evolving in the IoT system in order to exchange sensitive data. Basically, we can distinguish between two key distribution approaches [53], namely : 1) Probabilistic key distribution and 2) Deterministic key distribution. In deterministic approaches, each entity must be able to establish a secure link with all other entities to form a full secure connectivity coverage. Therefore the number of shared keys in the system increases quadratically according to the number of entities (for n entities, we need n(n − 1)/2 keys). Depending on the presence or not of a trust third party during key bootstrapping, we distinguish two sub-categories [53], namely : 1) offline key distribution approach where nodes can share session keys with a distributed way without the intervention of any central entity; and 2) Server-assisted key distribution where we dispose of a central server that is charged of expensive cryptographic computations and attributes session keys to IoT devices. In contrast, Leap scheme [138] uses a kind of temporary key which is kept in sensor nodes to generate session keys and is removed from the memory when the key agreement is done. For security purposes, Leap requires that sensor devices must not be exposed to attacks during a predefined time after the deployment. In [30], the authors proposed a memory-efficient key management scheme that reduces the storage to only (n − 1)/2. 5 path. 9. composed from a set of successive secure links.

(11) a key management issue in distributed and dynamic Internet of Things environments [114]. They integrated two key management solutions (Dini et al. [40] and Di Pietro et al. [39] schemes) in their middleware based IoT architecture named NOS (NetwOrked Smart object) which has been designed initially as a distributed platform for data storage and processing between IoT devices that act as data sources and the users that act as services consumers [102, 112].. Internet of Things, and hence the need for a new effective access control mechanism is unavoidable. The authors proposed a new access control mechanism called capability-based access control (CapBAC), which can overcome the actual issues in terms of scalability and manageability raised with the existing access mechanisms. The idea behind the concept is the usage of capability based authority tokens which are unfalsifiable and easy to communicate and grant seamlessly the access to IoT resources and process.. 5.1.2. Traditional Public key solutions Traditional Asymmetric approaches group all methods based on public keys and requires the authority to issue certificates to different users in the system. In this family, we find RSA, DSA, El Gammal, NTRU, ECC cryptosystems, etc. The advantages of these approaches are their flexibility, scalability and key management efficiency. However, these solutions are energy-consuming which are not suitable for constrained devices. NTRU consists of the less computational asymmetric approach based on the shortest vector problem in a lattice [94], however it requires more memory space to store keys. Elliptic curves are also in some cases very efficient and can ensure the same level of security as RSA and similar asymmetric cryptographic approaches with keys of small sizes [28]. Indeed, with 80-bit security level, we need only keys of 160 bit contrary to RSA where we need keys of 1024 bits. The contribution in [81] is twofold. First a signcryption called DQAC scheme has been designed to sign and encrypt query messages which ensures authentication and confidentiality and it also preserves the privacy of users requesting WSNs’ data. Second, a distributed access control based on the proposed signcryption scheme in addition to proxy based signature in order to anonymize users’ identities. The proposed signcryption technique is based on Elliptic curve and is securely provable under the Computational Diffie-Hellman model. The authors in [60] considered network users as a set of predefined groups, where each user is assigned to a single group. The groups are constructed in such a way users having the same access privileges belong to the same group. The main proposal consists on "privacy-preserving" ring signature scheme considering the members of each group as the nodes forming the ring. This technique allows IoT devices (signature verifiers) to grant access to legitimate users (signers) without disclosing the identity of each user neither from sensor data owner nor from other users. The only revealed information about queries is the group (gid) containing the signer’s group ID from which the query is originated without knowing exactly which signer. The experiments were performed in real Imote2 platform running TinyOS 6 demonstrate the efficiency and feasibility of the scheme in real WSN and IoT applications. In [56], authors claimed that, actually, existing access control mechanisms like RBAC (Role Based Access control), MAC (Mandatory Access control) are not anymore scalable, difficult to manage and don’t fit well with distributed environments like. 5.1.3. Identity Based Encryption (IBE) The main issue of transitional public key cryptosystems is that they are not scalable enough. Indeed, they strongly depend on the authority that issues certificates for each user in the system which is required in order to deal with spoofing and identity usurpation. Therefore, certificates raise the complexity of the system. In order to overcome the scalability and the complexity issues, Identity Based Encryption tools have been proposed by introducing a new concept that consists to use unforgeable string related to the user identity (such as user’s phone number, email address, etc.) as public key to encrypt data and thereby eliminate the need for certificates. Although their scalability and efficiency, IBE techniques are not very suitable for IoT because they are expensive and incur heavy resource consumption. In the literature, some research works have been investigated to design new, efficient, and lightweight IBE schemes that could support constrained devices. Using Elliptic Curve Cryptosystems, bilinear maps and hash functions, Chen [29] proposed a new lightweight Identity Based Encryption scheme to secure communications between devices based RFID tags. The main advantage of the scheme is its simplicity and its ability to reduce substantially the computation overhead. However, the authors did not provide any discussion about the security of the scheme. Fagen et al. [77] addressed the access control problem in WSN in the context of IoT where internet hosts query WSN to get sensor information. The main contribution consists of heterogeneous signcryption (HSC) technique based on two mechanisms: (1) certificateless cryptography (non usage of certificates) that belongs to internet hosts; and (2) IBC cryptographic technique that belongs to WSN environment. As singcryption technique, the proposed scheme ensures both authenticity and confidentiality with less computation. Moreover, it is useful to control the access between heterogeneous environments. In [70], a signcryption scheme has specially designed for WSNs in the context of Internet of Things. The scheme is based on elliptic curves and is secure under the Diffie-Hellman computation hypothesis. Nevertheless, this scheme is applied only in contexts where the verifiers are always powerful nodes that have enough computational resources and it’s consequently very heavy for IoT devices. Fuzzy identity-based Encryption (FIBE) is considered as an enhancement of IBE with introducing error-tolerance property. The main idea behind FIBE is to give the users, having at least k among n attributes, the possibility to decrypt the ciphertext encrypted under the hole attributes (n) [106]. In [86], the authors designed FIBE scheme based on bilinear maps which. 6 embedded,. component-based operating system: http://tinyos.stanford.edu/tinyos-wiki/index.php/TinyOS_Documentation_Wiki. 10.

(12) is securely provable in the full model. Performance analysis demonstrated the applicability of this scheme in IoT.. On the other hand, Nouha et al. [99] proposed ABE based solution that ensures a tradeoff between computation and storage capacity of constrained devices. They use a pre-computation 5.1.4. Attribute Based Encryption (ABE) technique in order to reduce computation cost. This technique consists to pre-compute and store in a lookup table a set of The concept of Attribute Based Encryption has been intropairs obtained generally with expensive cryptographic operaduced, first, by Sahai and Waters in Advances in Cryptology tions done on elliptic curves and pairing group settings. This EUROCRYPT 2005 [106] as an enhancement of Fuzzy Based information is used later to carry out cryptographic operations Identity Encryption [19, 32]. ABE introduces an expressive with very low computations. The main drawback of this soluway to control the access to private data using policy access tion is that the look-up table must be as bigger as possible in structure that defines relationships between a set of attributes 7 order to overcome dictionary attacks. used to encrypt data. In ABE system, Key Generation Server Shucheng et al. [133] proposed a distributed fine-grained (KGS) generates for each legitimate user a private key based on access control scheme based on KP-ABE for wireless sensor its attributes, and also a public key used to encrypt data based networks called FDAC. The authors consider sensor node propon predefined policy. A legitimate user is able to decrypt data erties such as its geographic location, the type of sensor’s data, only if it holds the sufficient attributes that satisfy the policy. time, its owner, etc. as attributes to define access policies in • Key Policy ABE (KP-ABE): In this scheme, the data order to control the access of users to sensor data encrypted unowner defines an access structure A and encrypts data der the defined attributes. The main properties of the scheme based on a set of attributes I. A user which wants to deare that sensor nodes may change seamlessly their attributes as crypt the cipher-text must holds the attributes that satisfy well as its capacity to support data aggregation. The feasibility the access structure A to be able to derive the private key of the solution is evaluated with real experiments under iMote2 that decrypts the cipher-text [52] (see figure 4). platform. In [54], the authors addressed the key storage in CP-ABE in • Cipher-text Policy ABE (CP-ABE): In this scheme, the IoT context. Mostly the encryption key is constant-size (does encryption is based on the access structure A. A legitinot depend on the number of attributes). The proposed solumate user is a user who holds a set of sufficient attributes tion is provably secure in the selective security model. HowI that satisfies the access structure (policy A) attached to ever, this solution generates big ciphertexts which create a big the ciphertext [16] (see figure 5). problem for IoT devices that are highly constrained in terms of bandwidth and storage. Attribute-Based Encryption is considered as a promising In contrast, Müller et al. in [92] proposed a multi-distributedscheme for many applications such Cloud computing, multicast authorities based ABE solution for IoT environments. The socommunication, M2M, etc. Particularly, in Internet of Things’ lution is kind of an adaptation of ABE to support a distributed applications, we need often efficient mechanisms that ensure access policy among a set of authorities, where the generation fine-grained access control to IoT data based on the roles of of secret keys from the attributes is handled with the collaborathe users in the IoT systems. We can take as an example, the tion of several authorities. Each authority generates a sub-key Healthcare applications where EHRs (Electronic Healthcare Records) taking in consideration its maintained access policy. related to patients are only accessed by physicians and nurses The most existing ABE schemes are based on expensive bibased on their roles in the hospital institution. This is achieved linear pairing operations, which are, in general, not suitable for by ABE thanks to its scalability, efficiency and its fine-grained constrained devices in IoT. For this reason, some researches capability. However, the complexity and the high overhead inhave been conducted in order to propose a lightweight nonduced by the cryptographic operations in ABE schemes make pairing ABE schemes. The contribution in [132] is new lightweight its application in resource-constrained devices very difficult. ECC-Based ABE scheme that consists on replacing pairing opThese drawbacks are serious problems to overcome in order to erations by point scalar multiplication on elliptic curves. Under adapt ABE in IoT applications. the ECDDH assumption, the authors proposed a security proof In [124], the authors proposed a distributed lightweight ABE of the scheme in the attribute based selective-set model. solution based on CP-ABE scheme. The solution takes advanIn [118], the authors tackled the problem of integrity and tage of IoT heterogeneous nature which consists to delegate the authentication in IoT with an expressive attribute based signamost costly cryptographic operations (exponentiation) to more ture (ABS) scheme. The scheme preserves the privacy of signpowerful nodes. However the solution consumes a lot of banders and don’t leak any information about users. However the width, as objects exchange cryptographic information in order scheme is still heavy computational for both the signer and the to accomplish the encryption process. The cost due to message signature’s checker as it uses a lot of pairing operations and exexchanges is very considerable in the radio field and must not ponential computations. Thus the scheme is not quite suitable be neglected. for IoT constrained devices. In the context of communication based groups in IoT, the 7 properties related to the users in the system, for example: PhD student can authors in [121] proposed to combine Attribute Based Encrypbe considered as an attribute tion schemes and Publish Subcribe based MQTT messaging architecture in order to ensure data encryption as well as the se11.

(13) Attribute Set: "Director". Director. Encrypted under a set of attributes {"Doctor", "Director"}. researcher. Doctor. Director. Reashersher. Doctor Attribute Set : "Doctor", "Surgeon". surgeon. Fig. 4. Key Policy ABE (KP-ABE).. Fig. 5. Ciphertext Policy ABE (CP-ABE).. curity requirements in group communications, namely forward and backward secrecy. the proposed solution ensures a flexible keys updating in case of join/leave procedures in MQTT architecture. In order to study the adaptability and feasibility of applying ABE schemes, namely CP-ABE and KP-ABE, on smartphone and IoT devices, Ambrosin et al. [9] have conducted intensive experiments in diverse mobile platforms (smart-phones, laptops, etc.) based on different OS (Android, Windows). The obtained results demonstrate the feasibility of ABE in smartphones and similarly for IoT devices. On the other hand, authors in [1] proposed a lightweight hardware implementation of CP-ABE scheme on Field Programmable Gate Array (FPGA). As a proof of concept, CP-ABE based 16 bits key size was tested with different setups. It’s worth noting that with the conducted experiments, the scheme is quiet less power consuming.. or control data [21]. Nevertheless, tagging mechanisms might cause a challenge for constrained devices as tags’ sizes raise according to the size of data and also generate additional expensive computations. In [47], authors demonstrated the applicability of tagging mechanism for constrained programmable micro-controller (PIC) by providing lightweight code templates dedicated to resource-constrained devices in order to add tags to data flows. ZKP (Zero Knowledge Proof) is a powerful mechanism largely used to ensure the privacy of users’ identities. The idea behind ZKP is to allow to one party (prover) to demonstrate to another party (verifier) some property by proving its possessing of some information without disclosing it [28]. This concept is very useful to develop security protocols while preserving the privacy of users’ data and properties. In contrast, Ioannis et al. [28] proposed an evaluation of some ZKP protocols based on the Discrete Logarithm Problem on elliptic curves (ECC) for resource-constrained devices. The obtained results demonstrate that using ECC (with 1024 key’s length) comparing to RSA provide less execution time and less memory with the same level of security. Importantly, with small message sizes, the energy related to the communication is minimized. However, beyond some threshold, the ZKP protocols became more overloaded which is due to the fragmentation of messages. K-anonymity model is another potential approach to protect the privacy of data in Internet of Things’ applications. Considering the context of a set of homogenous data stored in a table where each column represents a record of these data which is owned by some specific user. The K-anonymity models aim to protect each record in the table and make it indistinguishable from at least k − 1 records in the same table by hiding the sensitive information about its owner [119]. These sensitive information may be the ages, the phone numbers, the addresses, etc. This model is largely adopted in big data and cloud applications to protect the privacy of data streams issued by different users. Particularly, in IoT applications, there are also some attempts to adopt k-anonymity models [95, 63, 65]. In [63], authors proposed context aware k-anonymity model with conjunction to other privacy protection mechanisms to protect data issued from sensor nodes in WSN. Huo-wang et al. [65] investigated a clustering technique to propose a k-anonymity model to hide sensitive data about the locations of sensor nodes in IoT context. The idea behind the solution is to gather the data related to the sensor nodes located in different regions in different. 5.2. Privacy solutions Actually preserving privacy in IoT is mandatory as data issued by smart objects are very sensitives and inherently related to real life’s individuals. The main goal of privacy techniques is to ensure the following requirements: • Anonymity: Property ensuring that a third entity is unable to identify person’s identity among other identities in the system. • Unlinkability: Impossibility to cover the persons’ identity from the information they produce. • Untraceability: Difficulty to track actions and information issued from the behavior of an entity in the system. The privacy solutions aim to protect sensitive data and also provide mechanisms that hide users’ identities in such way the intruders cannot know about their behaviors. In the following, we discuss some solutions proposed in the literature that address the privacy of data and user’s behaviors in Internet of Things. 5.2.1. Data privacy Data tagging is one of the most known techniques, mainly used to ensure privacy of data flows. The idea behind this concept is to associate additional labels called tags, to data flows in order to allow trusted computing entities to reason about flows of private data and thus hide identities of individuals who hold 12.

(14) classes to make them indistinguishable. 5.2.2. Privacy of users’ behaviors In Internet of Things, users and objects perform actions in the systems such as access to sensor data, control remote actuators, etc. Therefore, it’s mandatory that their behaviors should be protected against malicious intruders. In what follows, we discuss some works that aim to protect the privacy of users’ behaviors. In [136], the main contribution is a privacy-aware access control protocol called DP2 AC in Wireless Sensor Networks based on RSA blind signature mechanism. In this solution, the owner of data signs the hash of an arbitrary integer m generated by some user x which forms an access token. So, the user x uses the token < m, (σ(m) = (h(m))d , where h(m) and σ(m) are respectively the hash of the integer m and the signature of the message m using the owner’s private key d > to prove its capability to access data. The verifier which holds the data, checks if h(m) = σ(m)e = h(m)ed to control the access of the user x without necessarily leaking any information about its identity. The protocol has the advantage to be simple and efficient. However, it does not ensure fine grained access as all users have the same privileges to access sensor data. According to [34], decentralized approaches can enhance privacy more than centralized approaches as they do not rely to any central entity which might track data flows and thus can probably deduce sensitive information of individuals from the exchanged data. In contrast, Alcaide et al. [7] proposed a fully decentralized authentication protocol that preserves the privacy of users. Besides, users in the system are authenticated by data collectors in a flexible manner based on Anonymous Access Credentials which are unlinkable. In [117], authors proposed a capability-based access control mechanism by introducing lightweight tokens to access CoAP 8 (Constrained Application Protocol) IoT resources while preserving the privacy of data over end-to-end communications. The token is exchanged in GET CoAP requests and contains the necessary information to control the access to device resources such as request Id, subject Id, Device Id, Issuer Id, Issued time, ESDSA signature, etc. Recently, Samet et al. [123] investigated a new mechanism based on Data Obfuscation schemes in order to preserve the privacy of the exchanged metrics in smart grid AMI networks. The idea of data obfuscation is that each gateway creates and distributes obfuscated values to smart meters. Then, smart meters slightly disturb the sensed data based on obfuscated values and transmit them again to the utility control center, which can do estimation about the received data containing basically the electricity consumption of smart meters. This solution is lesscomputational which makes it applicable in resource-constrained devices. However, it generates a lot of overhead in the AMI network infrastructure. 8 Considered. as an alternative of HTTP in IoT environments. 5.3. Availability solutions In IoT, the availability of the system is one of the most important security services needs to be protected against malicious attacks (like DoS/DDoS) or unintentional failures. Very often, the damages caused by the violation of the availability are tremendous which can be economical losses (in manufacturing systems) or safety damages (in transportation systems). Furthermore, ensuring the availability is a very challenging task because attackers exploit all types of vulnerabilities in different levels (network, software design, cryptographic algorithms, etc.) to break the system. For example, in October 21, 2016, one of the largest American computer companies providing DNS service, DYN (Dyn Managed DNS) was attacked by hackers who used a type of DDos attack exploiting IoT devices. During this attack, many known sites were blocked for 10 hours, such as Amazon, BBC, PayPal, etc. The attackers take advantage of comprised IoT devices (such as surveillance cameras) infected with the malicious software named Mirai to relay massive packet streams. 5.3.1. IoT DoS/DDoS countermeasure approaches IP Traceback methods are powerful mechanisms largely adopted in IP based networks such as Internet to detect DoS and IP flooding attacks in real-time. These methods focus mainly to enhance the security of IP based lightweight protocols basically designed as adaptations of the traditional TCP/IP protocols in the Internet of Things. DTLS 9 (Datagram Transport Layer Security), 6LoWPAN 10 (IPv6 Low power Wireless Personal Area Networks), RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks)) are just examples among other protocols widely adopted in the world of IoT which provide confidentiality and integrity of end-to-end exchanged information between IoT devices [107]. However, these protocols are not initially designed to deal with the most common IP based DoS/DDoS attacks. Many solutions have been investigated to enhance DTLS based transport layer and RPL based 6LoWPAN routing protocol in order to turn them more robust and secure against DoS attacks. In these solutions, IP routers and IoT gateways inspect and analyze packets in order to identify eventual malicious behaviors and take actions accordingly. Regarding TCP/IP transport layer, the contribution in [84] consists on an enhancement of the DTLS protocol in order to mitigate DoS/DDoS against IoT devices and gateways. The enhancement is done by extending the process of the DTLS handshake with an additional cookie exchange technique where the server, before resource reservation, sends an authentication cookie’s code to the client through HelloVerifyRequest message. This later, upon receiving the message, could authenticate the server and sends again to the server a new authentication cookie encapsulated in Hello message. To prevent IP spoofing attacks during the handshake phase, a mutual authentication step is done between the client and the server through a Gateway. 9 An alternative standard of TLS, it is a UDP-based protocol which is less network overloaded 10 Lightweight based IPv6 protocol to address IoT devices. 13.

(15) On the other hand, in TCP/IP network layer and specifically in the routing level, many security enhancements of RPL and 6LoWPAN based IoT architectures are proposed. In contrast, Kasinathan et al. [67] proposed an architecture to protect IoT based 6LoWPAN devices against DoS attacks as well as jamming and tampering attacks in the context of the European project called ebbits 11 . The main contribution is twofold: first, the design of Intrusion detection manager that is charged to protect constrained devices against DoS attacks. Second, the design of the IDS (Intrusion Detection System), operating in promiscuous mode, that is responsible to monitor 6LoWPAN packets and raises alerts in case of any misbehavior. The solution is based on Suricata IDS 12 that uses the signature based detection technique. Likewise, Hummen et al. [64] investigated the attacks related to 6LoWPAN fragmentation mechanism, basically two attacks were studied: fragment duplication attacks and buffer reservation attacks which both of them aim to prevent the availability of the IoT devices. They proposed a mitigation approaches that counter to these attacks. In the routing level, Rghioui et al. [101] surveyed the potential DoS attacks that could disturb RPL and 6LoWPAN IoT protocols. They proposed also mitigation solutions of theses attacks based on IDS approach. Likewise, recently, [109] focused on intrusion detection in RPL based 6LoWPAN. They proposed some extensions of the protocol by exploiting the ETX (Expected Transmissions) metric as a mechanism to prevent malicious nodes. Recently, Cusack et al. [35] discussed and compared many IP traceback approaches based on some metrics such as storage requirements, processing overhead, bandwidth overhead, scalability, etc. Artificial intelligence techniques such as Artificial Neural Networks (ANN) are considered as one of the most powerful techniques used to design efficient IDS. For example, in [37], authors investigated the application of ANN to detect DoS attacks in IoT. Two kinds of ANNs were evaluated, namely : 1) Multilayer Perceptron with Limited Weights and 2) Multilayer Perceptron with normal weights in order to verify which one is more adequate as an IDS in IoT. It’s worth noting that both of ANN techniques reduce false positive detection under training process, however they consume a lot of memory which makes them not quite suitable for constrained IoT devices. Others researchers [82] investigated the possibility of applying Cumulative Sum (CUMSUM) algorithm in order to detect DDoS attacks in the context of IoT. The main aim of CUSUM algorithm is to detect real time changes in statistic process issued from data streams. The DDoS detection is done by analyzing the network traffic and computing statistics about it. The algorithm handles, continuously, these statistics to eventually detect changes which are related to any misbehavior in the network traffic. A trade-off between False Positive Rate and Detection Rate is also investigated by playing on CUMSUM algorithm parameters. Other works have tackled with DoS attacks related to routing protocols in WSN and Internet of Things. Indeed, secu11 https://www.fit.fraunhofer.de/en/fb/ucc/projects/ebbits.html 12 https://suricata-ids.org/. 14. rity of routing protocols is a fundamental field of research as many IoT applications use in general wireless mesh or ad-hoc network infrastructures to exchange data in real time. It is the case, for example, of AMI in smart grids and ad-hoc infrastructures in Vehicular Networks. In [6], authors interested in healthcare applications. They studied several mesh routing protocols in order to choose the most robust and secure protocol against DoS attacks. They focused on one type of DoS attacks that aims to divert the routing protocol behavior from its initial function. For example, routing attacks that force some network nodes to reroute data to inappropriate destination. Simulation results confirmed that PASER protocol is the most suitable for Healthcare applications and it is resilient against Hello Flooding attacks. 5.4. Discussion In table 4, we present an application-centric classification of cryptographic based security solutions in IoT. Overall, we note that classical security solutions presented in this section are efficient in terms of optimization of resources such as computation, memory and bandwidth, however they don’t meet scalability, heterogeneity and mobility challenges. 6. New emerging security solutions for Internet of Things Internet of things promises to connect everything together anywhere and everywhere. All devices must interact efficiently with each other in a secure, scalable and reliable ways. Actually with the current centralized architecture, it could be difficult and challenging to deal with scalability in huge IoT networks. This issue may be solved by adopting a new approach of security emerged away from the current centralized model. New emerging approaches deal very efficiently with scalability, interoperability and compatibility issues. Hereafter, we discuss two emerging technologies which are being adopted as approaches to ensure security in IoT environments and deal very efficiently with scalability issues. 6.1. Software Defined Networking based solutions The Software Defined Networking (SDN) is a new paradigm that has revolutionized the world of networks, thanks to the programmability and the intelligence it has introduced into the network. The main idea behind this concept, which began in 2011, is to separate the network control plan and the data plan. Using this paradigm, we can do centralized control and configuration of networks as well as dynamic management of network traffic. In SDN architectures, devices (routers, switches, gateways and IoT devices in general) do not make control decisions like forwarding tables and ACL rules [62]. Instead of that, they learn these rules from central component called SDN controller, which is managed to take all decisions in the network using protocols like Openflow. Devices in SDN architecture handle packets based on flow tables dictated by SDN controller. A typical SDN architecture is depicted in the figure 6. SDN is an efficient solution to meet some challenges in IoT environments where most of devices have limited network.